
Intlayer MCP server — agentic threat model

AIVSS 8.3 · High

The Intlayer MCP server presents a moderate-to-high risk profile due to its local execution environment and integration with IDE CLI tools, making it susceptible to prompt injection attacks via malicious project files that could lead to unauthorized local command execution.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8
AARS uplift: 0.55
Factor sum: 2.5/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
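To check the arithmetic behind the 8.3 above, here is the page's formula carried through with this page's own factor values. This is an added example, not part of the listing or of Intlayer's code; the names INTLAYER_FACTORS and aivss_score are chosen here, and the 0.0 to 1.0 bound on each factor is an assumption.

```python
from decimal import Decimal

# The ten agentic risk factors exactly as listed on this page (constructed input).
INTLAYER_FACTORS = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) using the formula quoted on the page:

        AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
        AIVSS = (CVSS_Base + AARS) * Mitigation_Factor

    Decimal arithmetic is used so the result matches a hand calculation
    rather than picking up binary floating-point artefacts.
    """
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:  # assumed range for each factor
            raise ValueError(f"factor {name!r} out of range [0, 1]: {value}")
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")

    d = lambda x: Decimal(str(x))  # go through str() to avoid float noise
    factor_sum = sum(d(v) for v in factors.values())
    aars = (d(10) - d(cvss_base)) * (factor_sum / d(10)) * d(threat_multiplier)
    aivss = (d(cvss_base) + aars) * d(mitigation_factor)
    return float(factor_sum), float(aars), float(aivss)


if __name__ == "__main__":
    fs, aars, score = aivss_score(7.8, INTLAYER_FACTORS)
    print(f"factor sum {fs:.2f}/10, AARS {aars:.2f}, AIVSS {score:.2f}")
    # Illustrative only: the same listing with half the Dynamic Tool Use score,
    # to show which lever moves the uplift (not a claim about Intlayer itself).
    safer = {**INTLAYER_FACTORS, "Dynamic Tool Use": 0.20}
    print("with reduced tool exposure:", aivss_score(7.8, safer)[2])
```

The raw result is 8.35, which the listing shows to one decimal as 8.3; the uplift comes entirely from AARS, since both multipliers are 1.0.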

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The listing does not specify which underlying LLM is used, as it connects via MCP to the host IDE's model. Whichever model the host uses, threats include prompt injection via malicious project files or poisoned local documentation leading to malicious CLI command suggestions.

L2 · Data Operations · ✓ mapped

The agent dynamically loads local project files, Intlayer versions, and documentation. Threats include data poisoning if a malicious repository contains manipulated Intlayer documentation or configuration files, leading to incorrect or malicious code suggestions.

L3 · Agent Frameworks · ✓ mapped

Uses the Model Context Protocol (MCP) to integrate with IDEs. Threats include insecure tool integration where the MCP server exposes CLI execution tools ('run intlayer commands') that could be abused via prompt injection to execute arbitrary local commands.

L4 · Deployment & Infrastructure · ✓ mapped

Runs locally via 'npx @intlayer/mcp' within the user's IDE (Cursor/VS Code) without a dedicated server. Threats include local host compromise if the MCP server process is exploited, as it runs with the developer's local user privileges.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — The listing does not mention any built-in logging, guardrails, or evaluation mechanisms for monitoring the safety of generated CLI commands or code suggestions.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — There is no mention of authentication, authorization, or compliance audits. It relies entirely on the host IDE's security posture and local file permissions.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — While it operates as an MCP server (which is an ecosystem protocol), there is no explicit mention of multi-agent orchestration or marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.